2026-06-09 AI创业新闻
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even the first public exploit: FuzzingLabs published an independent reproduction back in April. The flaw came down to a single stray character, an inverted check in nf_tables, and the upstream fix removed it in one line.
Ubuntu rates the flaw CVSS 7.8 (high). If your distribution’s kernel package does not yet include the fix, update and reboot. The reachable setup is common: nf_tables plus unprivileged user namespaces, a Linux feature that lets an ordinary account act as root inside a private sandbox and reach kernel code it otherwise could not. Both ship by default on most desktops and many server builds.
There is no remote vector on its own. This is a bug that an attacker reaches for after getting a foothold, turning a low-privileged shell, a compromised container, or a service account into root on the host. Exodus researcher Oliver Sieber, who found the bug in early 2025, chained it into a full local root. The exploit sets off the use-after-free, works around the kernel’s built-in memory protections, then seizes control of execution to grant itself root and break out of the container’s namespace.
He demonstrated it on Debian Bookworm, Debian Trixie, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. FuzzingLabs reproduced the bug on RHEL 10 ahead of Pwn2Own Berlin 2026, building its own root exploit by a different route. The timeline is tight: the fix shipped February 5, FuzzingLabs published April 16, and Exodus’s detailed write-up landed June 8. The technique is now documented across Debian, Ubuntu, and Red Hat.
Because the bug is in the mainline, any distribution that shipped a vulnerable kernel with both features enabled is exposed, unless a distribution’s hardening or namespace restrictions block the path. CVE-2026-23111 lands in the middle of a heavy run of Linux local-root disclosures. Recent weeks have brought Copy Fail , the Dirty Frag chain, its Fragnesia variant, DirtyDecrypt , and a nine-year-old ptrace flaw that reads /etc/shadow and runs commands as root. They differ in the details, but share the part that should worry defenders: an unprivileged foothold keeps turning into root on ordinary installs.
Update the kernel and reboot. The bug is local-only and needs unprivileged user namespaces, so focus first on systems that let untrusted users or workloads create them. Ubuntu has fixes for 22.04, 24.04, and 25.10, and Debian fixed Bookworm and Trixie, with a 6.1 backport for Bullseye LTS. Red Hat, SUSE, and Amazon Linux track the flaw as well; check your distribution’s advisory for the kernel package that matches yours, since the exact fixed version varies.
The fix upstream was a single line of code. There is a bigger picture. In a recent review of the LPE surge , Synacktiv links the pace to AI-assisted research and patch-diffing that put working exploits out before fixes spread, and makes the case that ordinary hardening still buys defenders time. Most of these bugs lean on optional kernel features or loose defaults, so cutting off what unprivileged users can reach, user namespaces in this case, holds the exploit off until the patch is in.
There are no public reports of exploitation in the wild, and no threat actor has been tied to it. The patch has been out since February, and exploit code has been public since April. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Meta Blocks NSO Group’s New WhatsApp Phishing Attack, Files Contempt Order
Meta on Monday said it detected and blocked spear-phishing attempts linked to Israeli spyware vendor NSO Group . In addition, the tech giant said it’s filing a federal court contempt order against the company for violating a permanent injunction that barred it from targeting WhatsApp and its users. “They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp, similar to previously reported 1-click phishing campaigns linked to NSO,” Meta said . The social media company also said it caught NSO Group creating test accounts and groups on WhatsApp.
They have since been taken down by Meta. The list of malicious domains linked to the activity is listed below - fr24cast[.]com ghazacast[.]com ikhwancast[.]com Meta did not disclose any technical details about the campaign, including when the activity occurred, how many users were targeted, if any of those attacks were successful, and how the activity was tied to NSO Group. The development comes a year after NSO Group was fined approximately $168 million in monetary damages, after a U.S. court found the company to have violated U.S.
laws by exploiting WhatsApp servers to deploy Pegasus spyware targeting over 1,400 individuals globally. In 2021, the company was also added to a U.S. Commerce Department blocklist for engaging in activities that are “contrary to the national security or foreign policy interests of the United States.” “As always, WhatsApp users’ personal messages and calls remain protected with default end-to-end encryption,” Meta said. “We encourage people to keep their apps and devices up to date and report suspicious activity so we can quickly investigate and take action.” Users who believe they may be at elevated risk of sophisticated cyber attacks because of who they are and what they do are recommended to enable strict account settings to harden their accounts.
The feature reduces the attack surface by locking the account to more private settings, such as follows - Two-step verification is turned on. Link previews are turned off. Last seen and online, profile photo, About details, and profile links are locked to contacts only or to a pre-established list of people. Only known contacts or a pre-established list of people can be added to groups.
“Strict account settings are an advanced security feature that turns on privacy and security controls to help protect accounts from sophisticated cyber attacks,” Meta notes in its help document. “Strict account settings are an optional, lockdown-style security feature that, when enabled, reduces your vulnerability to cyber attack by limiting functionality.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. “By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements,” Check Point said . “Additional post-authentication activity is required to access internal resources or escalate privileges.” The shortcoming impacts the following products and versions - Security Gateways R82.10 Jumbo Hotfix Take 19 or below, R82 Jumbo Hotfix Take 103 or below, R81.20 Jumbo Hotfix Take 141 or below, R81.10 (EOS), R81 (EOS), and R80.40 (EOS) Spark Firewalls: R80.20.X (EOS), R81.10.X, and R82.00.X Successful exploitation requires the following conditions to be met - VPN Remote Access or Mobile Access is enabled IKEv1 is enabled for remote access Gateways accept legacy Remote Access clients Gateways do not demand a machine certificate for connections The Israeli cybersecurity company said it first observed indications of suspicious activity on June 4, 2026, with the earliest observed exploitation dating back to May 7, 2026.
Exploitation efforts are said to have ramped up starting this month. The exploitation activity, Check Point added, has been limited to a “few dozen targeted organizations globally.” In one case, the post-exploitation phase has been associated with a Qilin ransomware affiliate. “We believe that this threat actor infrastructure is exploiting other VPN related vulnerabilities such as the ones published by Palo Alto [Networks], Fortinet, and F5,” it noted. “We identified indicators suggesting the actor may use the Tox protocol for communication, a pattern commonly associated with financially motivated ransomware actors.” A key aspect is the use of a virtual private server (VPS) infrastructure to conduct the attacks.
Specifically, this involves relying on VPS servers geolocated to a particular country to target organizations within its borders. Once access was established, the attackers were found attempting to download malicious ELF files from actor-controlled infrastructure. Some aspects of these efforts overlap with a report from Ctrl-Alt-Intel last month, which highlighted the ransomware crew’s abuse of corporate VPN appliances for initial access. “To the best of our knowledge to date, there is no indication the vulnerability was broadly available to other threat actors,” Check Point Research told The Hacker News via email.
“The activity is clearly opportunistic and targets vulnerable organizations rather than characterized one.” Further review of the affected VPN components has uncovered a second vulnerability, CVE-2026-50752 (CVSS score: 7.40), which may allow an adversary-in-the-middle (AitM) attack on VPN site-to-site connections. There is no evidence the flaw has been exploited in real-world attacks. (The story was updated after publication to include a response from Check Point Research.) Update The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on June 8, 2026, added CVE-2026-50751 to its Known Exploited Vulnerabilities ( KEV ) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 11, 2026.
Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
State of AI in the Cloud 2026: How AI is Reshaping Cloud Attack Surface
AI Phishing Is Crushing SOCs with Alert Volume: How to Reduce Tier 1 Overload
Phishing has always been a numbers game. AI has turned it into a volume machine. Attackers can now create convincing emails, fake login pages, and tailored lures in minutes. Every polished message adds another case for Tier 1 to review, another link to inspect, and another alert that cannot be dismissed at a glance.
As the queue grows, a credential theft attempt or malware delivery can easily get buried among routine checks. SOC leaders need to help their teams cut through the noise faster and catch the alerts that could turn into a serious incident. Where Tier 1 Teams Lose Time on AI Phishing AI helps attackers launch more convincing campaigns, vary the message, and rotate infrastructure faster. For Tier 1 teams, that means fewer alerts can be ruled out quickly.
AI-driven change What Tier 1 has to deal with SOC impact More lure variations Similar campaigns no longer look identical. More alerts need manual review. Better impersonation Emails sound like routine HR, finance, or IT requests. More time is spent checking context.
Personalized messages Lures are tailored with public company or employee details. More emails pass a quick visual check. Short-lived domains URLs often have little or no reputation history. Tools return “unknown” instead of a clear verdict.
More uncertain cases Tier 1 has less evidence to close alerts confidently. More cases are pushed to Tier 2. That leaves Tier 1 spending more time on every alert and sending more unclear cases to Tier 2 for another round of review. As the backlog grows, critical threats can sit in the queue longer, delaying response and increasing the risk of a costly incident.
The Fastest Way to Handle AI Phishing at Scale Without Overloading Tier 1 Adding more manual checks will not solve the problem. When phishing volume rises, Tier 1 needs a way to investigate more alerts without spending extra time on repetitive steps or pushing every unclear case to senior teams. A faster workflow combines automated checks, behavior-based visibility, and ready-made reports. This gives Tier 1 the evidence needed to reach a clear verdict sooner and helps Tier 2 step in only when a case truly requires deeper investigation.
- Give Tier 1 Full Behavior Visibility in Under 60 Seconds AI makes it easier for attackers to produce polished lures and launch new variations faster than reputation checks can keep up. Even when the message looks convincing and the URL has no known history, Tier 1 still needs a quick way to see what happens after the click. With solutions like ANY.RUN’s Interactive Sandbox, teams can open suspicious links in a real browser environment, interact with the page freely, and trace the full attack chain without putting company devices or infrastructure at risk.
Explore real-world phishing analysis Fake Microsoft 365 login page exposed in 60 seconds inside ANY.RUN sandbox In this recent case, a routine-looking LinkedIn Drive link led to a fake Microsoft 365 login page designed to steal corporate credentials. The phishing content was hosted on AWS CloudFront and filtered out free email domains, helping it stay under the radar. Inside the sandbox, the full chain was exposed in under 60 seconds . Cut Tier 1 overload with evidence-driven phishing analysis and achieve up to 3× faster triage with 30% fewer escalations.
Reduce SOC Overload For a busy Tier 1 team, this changes the workflow immediately: Expose what reputation checks cannot see: Redirects, hidden pages, and credential-harvesting forms are revealed in one session. Reach a verdict on fresh URLs faster: Even when a link has no known history, the team can see what happens after the click. Reduce the time real threats stay unresolved: Credential theft attempts and malicious downloads can be confirmed before they remain buried in the queue. Make decisions based on evidence, not assumptions: Tier 1 sees the full attack chain before deciding whether to close or escalate the case.
- Process More Phishing Alerts Without Adding More Manual Work Traditional automation can miss phishing pages that appear only after a redirect, a CAPTCHA, or a specific user action. It may save time on basic checks but still leave Tier 1 teams with incomplete results and more cases to investigate manually. ANY.RUN combines automation with interactivity.
Once enabled, the sandbox opens suspicious links in an isolated browser, navigates through pages, solves CAPTCHAs, and triggers hidden steps in the phishing chain, much like an analyst would during a manual investigation. Team members can also step in at any point when a case needs a closer look. ANY.RUN sandbox automatically solves CAPTCHA challenge This helps SOCs handle higher alert volume without putting more pressure on the team: Cut repetitive investigation steps: The sandbox navigates pages, solves CAPTCHAs, and triggers hidden content automatically. Increase Tier 1 capacity: The same team can process more AI phishing alerts during each shift.
Absorb spikes without immediately adding headcount: Automation reduces the amount of hands-on work required for every case. Keep human judgment available for complex threats: Analysts can step into the session whenever a case needs closer review. 3. Give Tier 2 Ready-Made Reports for Faster Response Even after Tier 1 confirms a threat, the escalation can still take time.
When findings are scattered across different tools, senior team members have to repeat the same checks before deciding what to do next. ANY.RUN’s Tier 1 Report gives the team a clear, ready-to-use handoff as soon as the analysis is complete. It brings together the verdict, key IOCs, behavioral indicators, and MITRE ATT&CK mapping. AI Summary explains what happened and why the activity is malicious, while AI Recommendations suggest the next investigation and response steps.
ANY.RUN’s Tier 1 Report with analysis details, including AI Summary and Recommendations for deeper research and faster handoff Instead of passing raw technical data to Tier 2, Tier 1 can send a structured report that is already useful for escalation and faster action. This improves the handoff between triage and response: Prevent Tier 2 from rebuilding the case: Senior teams receive the verdict, IOCs, behavioral findings, and MITRE ATT&CK mapping in one report. Cut the delay between triage and containment: Clear findings and recommended next steps help the response team act sooner. Standardize escalations across shifts: Every handoff follows the same structure, reducing gaps when cases move between team members.
Give SOC leaders better oversight: Managers can spot bottlenecks, review escalation quality, and see where the team is losing time. Turn Faster Phishing Triage into Stronger Business Protection AI phishing is not only creating more alerts. It is keeping SOC teams busy while real threats move closer to the business. The teams getting ahead of the problem are giving Tier 1 a faster way to confirm threats, close routine cases, and escalate the right incidents with the evidence already prepared.
Teams using ANY.RUN report: 94% of users report faster triage and clearer decisions Up to 20% decrease in Tier 1 workload 30% fewer Tier 1-to-Tier 2 escalations Up to 21 minutes faster MTTR per case Reduce Tier 1 overload with ANY.RUN and give your SOC more capacity to contain high-risk threats before they disrupt operations or lead to costly incidents. Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More
Monday again. The weekend was meant to be quiet. It wasn’t. Last week had poisoned packages, a broken AI helper, and a worm tearing through repos.
The ugly part: basic tricks still worked. A chatbot got fooled. A bot token got leaked inside the malware. The same old mistakes showed up again.
And while everyone chased the loud stuff, quieter attackers sat in inboxes for months, reading mail and stealing it bit by bit. Lots to cover. Grab coffee. Read up.
⚡ Threat of the Week Miasma Worm Hits 73 Microsoft GitHub Repositories in Supply Chain Attack
- Microsoft’s GitHub repositories became the latest to fall victim to the ongoing Miasma self-replicating supply chain attack campaign. The incident impacted 73 Microsoft repositories across four of its GitHub organizations, including Azure, Azure-Samples, Microsoft, and MicrosoftDocs. The development prompted GitHub to disable access to those repositories. Miasma is assessed to be a variant of the Mini Shai-Hulud worm that TeamPCP publicly released in mid-May 2026.
Your VPN is Helping Attackers Move as Fast as AI The Zscaler ThreatLabz 2026 VPN Risk Report reveals a dangerous disconnect: while attackers use AI to move at machine speed, legacy VPNs are leaving defenders blind and exposed. When you can’t see what’s happening, response time collapses and the odds of containment drop with it. Get the Report ➝ 🔔 Top News Google Fixes Android Framework Flaw Under Exploitation
- Google released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation. Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user interaction.
The vulnerability impacts devices running Android versions 14, 15, 16, and 16 QPR2 (Quarterly Platform Release 2). Google has acknowledged there are indications that CVE-2025-48595 may be under “limited, targeted exploitation.” As is typically the case, the tech giant did not reveal any specifics about who may have been behind the activity, the targets affected, and the scale of such efforts. U.S. Action Disrupts Investment Fraud Schemes
- The U.S.
Department of Justice announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The “Disruption Week” operation led to the takedown of millions of social media, email, and internet access accounts used by transnational cybercrime groups in Southeast Asia to defraud victims. Private sector entities voluntarily froze over $3.8 million in cryptocurrency involved in the laundering of funds stolen from Americans. The efforts are part of an ongoing U.S.
government initiative called Scam Center Strike Force, which aims to dismantle transnational criminal organizations running cyber-enabled fraud and “pig butchering” (aka romance baiting) scams from compounds in Southeast Asia, along with the human trafficking and money laundering operations that fuel the illicit enterprise. China-Linked TA4922 Broadens Focus to Europe, Africa
- A new Chinese-speaking cybercrime group has expanded its reach from East Asia into Europe and Africa, while rapidly overhauling the malware it employs to hack into corporate networks. The actor, tracked as TA4922, is financially motivated and focused on gaining remote access to victim systems for data theft, fraud, and the resale of access. Some elements of the threat actor’s tactics overlap with Silver Fox and Void Arachne.
Its operations are unusually varied, leveraging malware delivery, credential phishing, and credit card theft across different campaigns. While historical attacks targeted Japan, the actor has also targeted organizations in Taiwan, Korea, Singapore, and India, the U.K., Germany, Italy, and South Africa. The lures are localized, impersonating tax authorities, finance departments and human resources teams in the target’s own language to distribute Atlas RAT, RomulusLoader, and SilentRunLoader through DLL side-loading techniques. OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework
- A previously unreported threat cluster dubbed OP-512 has been observed targeting Microsoft Internet Information Services (IIS) servers to deploy a bespoke web shell framework.
The espionage-focused activity has been assessed as originating from China. “OP-512 was highly likely conducting espionage through a compromised Internet Information Services (IIS) web server on an organization whose sector and geography align with China-linked intelligence priorities,” ReliaQuest said. The web shell framework facilitates file management and authenticated command execution. Hackers Spied on a Stock Exchange Executive’s Outlook Mailbox for 5 Months
- Unknown threat actors managed to spy on a senior member of an unnamed global stock exchange for at least five months.
There are still several unanswered questions, like who was behind it and how they obtained initial access. However, what’s evident is that the attacker spent several months inside the Outlook mailbox and likely accessed sensitive information. The goal of the operation was most likely cyber espionage, but details are scant on which stock exchange was targeted. The earliest sign of malicious activity was observed on October 10, 2025.
The attack led to the deployment of a mailbox stealer that ran in 2-4 week intervals to hoover up email data. The captured information was exfiltrated via Dropbox and Microsoft OneDrive Personal, transferring only small batches at a time to avoid raising any red flags. The data exfiltration runs lasted through March 2026. ️🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast.
These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. Check the list, patch what you have, and hit the ones marked urgent first - CVE-2026-28318 (SolarWinds Serv-U), from CVE-2026-39210 through CVE-2026-39217 (FFmpeg), CVE-2026-20245 (Cisco Catalyst SD-WAN Manager), CVE-2026-20230 (Cisco Unified Communications Manager), CVE-2026-3300 (Everest Forms Pro plugin), CVE-2025-48595 (Google Android) CVE-2026-8501 (PCTCore64.sys), CVE-2026-10629 (Verizon IMS network), CVE-2026-7299 (Appsmith), CVE-2026-10621, CVE-2026-10622 (Collibra Agent), CVE-2026-0826 ( HP Poly Voice ), CVE-2026-8206 ( Themeum Kirki - Freeform Page Builder, Website Builder & Customizer plugin ), CVE-2026-23479 , CVE-2026-23631 aka DarkReplica, CVE-2026-25243 , CVE-2026-25588, CVE-2026-25589 (Redis), CVE-2026-49200, CVE-2026-49201 (Acer Wave 7 routers), CVE-2026-8874, CVE-2026-8876, CVE-2026-8878, CVE-2026-8879, CVE-2026-8881, CVE-2026-8888, CVE-2026-8889 (Securly), CVE-2026-10881, CVE-2026-10882, CVE-2026-10883 (Google Chrome), CVE-2026-41722, CVE-2026-41723, CVE-2026-41724 (Broadcom VMware Cloud Foundation Operations), CVE-2026-34908, CVE-2026-34909 (UniFi OS Server), CVE-2026-4372 (Hugging Face), CVE-2026-45495 (Microsoft Edge), CVE-2026-42253 (Apache ActiveMQ), CVE-2026-9614 (Ivanti ISTM), CVE-2026-48019 (laravel/framework), CVE-2026-5386 (KMW CCTV security cameras), CVE-2026-5509 (TP-Link Archer BE450 v1 and Archer BE7200 v1), CVE-2026-4387 (StrongDM), CVE-2026-8633 (IBM WebSphere), and CVE-2026-9739 (MCP Toolbox). 🎥 Cybersecurity Webinars Learn How to Validate What Your SIEM, EDR, and SOC Catch → Automated pentesting finds flaws. It doesn’t prove your defenses caught them.
Join Picus experts to learn where testing falls short, why “clean” reports can mislead, and how validation shows what your SIEM, EDR, and SOC actually detect. Stop AI-Powered Attacks Before They Spread → AI is making cyberattacks faster, harder to spot, and easier to scale. This webinar shows why old defenses fail against threats like Mythos-and how Zero Trust helps block movement, limit damage, and stop attacks before they grow. Learn How to Detect and Stop Risky AI Use in Real Time → AI tools are spreading through the workplace faster than security teams can control.
Every pasted file, prompt, or piece of code can expose sensitive data to systems that the business never approved. This webinar shows how to detect risky AI use, stop leaks in real time, and keep company data out of uncontrolled AI tools. 📰 Around the Cyber World Five Eyes Warns of China Exploiting LinkedIn to Target Security Personnel
- Chinese military intelligence services are using LinkedIn and other professional networking sites like Indeed and Upwork to recruit people with access to government, military, foreign policy, or sensitive economic information, the U.S. and its Five Eyes intelligence partners said in an advisory.
The aim is to acquire privileged military, political and economic intelligence that can provide China with a strategic and tactical advantage over the Five Eyes, per the advisory. “These actors use an aggressive online recruitment strategy whereby intelligence officers or their affiliates pose as employees of private consultancies, think tanks, or human resources firms, and place online job advertisements for foreign policy and defense analysts,” the agencies said. Bloomberg reported that China has been targeting Five Eyes nationals with security clearance, particularly those working in foreign affairs, security, and intelligence, and military personnel, including people stationed in the Asia-Pacific region, as well as journalists, academics, and think-tank employees with knowledge of unclassified information. Targets are offered payments in exchange for increasingly privileged information.
Payments may arrive through a number of online platforms, including reputable services like PayPal, Zelle, and Wise, or via Western Union and cryptocurrency. Over 20K Accounts Likely Impacted in Instagram Attack Campaign
- Meta has revealed that 20,225 Instagram accounts may have been impacted in a recent attack abusing an AI-powered support tool. The attacks involved compromising the accounts simply by asking Meta’s chatbot to link their own email address to the targeted account. This enabled unauthorized third parties to reset the account password and take control of it.
Many of the high-profile accounts were then sold on the dark web. The exploitation of the High Touch Support (HTS) tool was discovered on May 31, 2026. The filing published on Maine’s Attorney General website lists April 17 as the date when the breach occurred, indicating the first unauthorized access may have occurred weeks before it was discovered. It’s currently what personal information, if any, the threat actors may have accessed.
The use of the tool has since been disabled. The development comes as a vulnerability was disclosed in Instagram’s web-based password reset flow that exposed unredacted email addresses and phone numbers associated with user accounts when providing a user name as input. Hola Browser for Windows Compromised to Deliver Cryptocurrency Miner
- Sophos discovered an XMRig cryptocurrency miner binary bundled within a certified version of the Hola Browser installer for Windows. Hola attributed the anomaly to a supply chain compromise affecting its “update distribution pipeline,” which allowed the unauthorized payload to evade detection.
“This was a supply chain compromise, and critically, no user data was accessed, exfiltrated, or compromised at any point during this incident affecting 0.1% of users,” Hola said. “We have since completely rebuilt our distribution pipeline, implemented advanced code-signing verification, and introduced tighter access controls and continuous monitoring across our infrastructure.” Malicious npm Packages Target Trusted Brands
- A threat actor has been deploying dozens of malicious packages to npm targeting AI companies, luxury brands, and venture capital firms. These packages drop a new malware strain that impersonates an AI coding tool. The malicious code is launched by means of a post-install hook.
“When the binary payloads are run, a terminal window pops up and prompts the user for user information and OpenAI or Anthropic API keys,” OpenSourceMalware said . “Meanwhile, in the background, the malware is already harvesting ~/.local/share/stardrop/auth.json and other files for credentials.” 2 npm Packages Deliver Epsilon Stealer
- Two malicious npm packages, turbo-axios and faster-axios, targeted developers searching for the popular axios HTTP client. “Both are trojanized copies of the real axios source with a single addition: a postinstall hook that fetches and eval()s remote JavaScript,” SafeDep said . “The chain terminates in Epsilon Stealer , a malware-as-a-service (MaaS) Electron infostealer that harvests browser credentials, crypto wallets, and messaging sessions, then opens a persistent WebSocket channel for arbitrary command execution.” Malicious npm Package Leaks Own Telegram Bot Token
- In a related development, OX Security flagged a malicious npm package named cms-store-ren that exfiltrates data to Telegram, while leaking its own bot API token in the process.
“cms-store-ren is a malicious npm package that collects data from developers’ machines and then sends them to a Telegram channel,” OX Security said . “It also downloads a potentially malicious JavaScript file from a remote server and tries to execute it, although this behavior wasn’t yet weaponized. The package acts as a downloader/loader whose primary purpose is to fetch and execute a second-stage payload while reporting successful infections back to the malicious actor.” Fake Document Factory Taken Down in Spain
- French and Spanish authorities, with support from Europol, dismantled an online marketplace selling fake identity documents to migrant smuggling rings operating in Europe to evade border controls, fraudulently obtain residence rights, and facilitate secondary movements within the region. The counterfeit document production facility, located in Alicante, Spain, led to one arrest and the seizure of approximately 800 forged European documents, document-production equipment, digital devices, a vehicle, and €1,580 in cash.
“The search of the apartment, rented under a false name, uncovered a fully operational counterfeit document workshop, highlighting the industrial-scale production methods increasingly used by organised crime groups involved in document fraud,” Europol said . Former IBM Executive Accuses Company of Covering Up Hacks
- A former IBM cybersecurity executive accused the company of getting hacked three times in the previous decade by foreign governments and then covering up the breaches. William Barlow, who was IBM’s vice president of threat intelligence until August 2019, said IBM concluded Chinese hackers breached its core network between 2013 and 2016, but that the software company went on to conceal the incidents and never publicly disclosed them. Breaches at two other IBM subsidiaries were also covered up in a similar manner, a lawsuit unsealed last week revealed.
Gafgyt Botnet Variant Targets DD-WRT Router
- A new variant of the Gafgyt botnet called C0XMO is now targeting DD-WRT router firmware by exploiting a stack buffer overflow vulnerability (CVE-2021-27137). “Unlike earlier versions, this malware separates its lateral movement into a standalone Python script,” Fortinet FortiGuard Labs said . “This approach helps the attacker target various system architectures and device types more efficiently.” The activity was discovered in March 2026 in connection with an attack targeting a Japanese technology firm. Once C0XMO is delivered and executed on the victim host, it sets up persistence, terminates competing processes and red teaming utilities, and then establishes a connection with a remote server to accept DDoS attack commands against specific targets.
It also comes with a scanner to facilitate lateral movement via SSH, Telnet, Android Debug Bridge (ADB), and other HTTP-based exploits (e.g., CVE-2025-34054, CVE-2016-15047, CVE-2015-2051, CVE-2022-35914, and CVE-2021-27137). Malicious PyPI Package Drops Backdoor
- Parsimonius, a malicious typosquat of the parsimonious Python package, “incorporated the legitimate parsimonious parsing functionality to avoid suspicion while simultaneously deploying a Telegram-based backdoor,” Zscaler said . “Once installed, the backdoor provided attackers with remote access capabilities and facilitated the theft of sensitive data, including .env files and bot authentication tokens.” The package racked up 2,474 downloads, prior to it being removed. VECT Ransomware Suffers From New Flaws
- A new analysis of the Windows version of VECT ransomware has uncovered additional vulnerabilities that “can leave files renamed, partially encrypted, inconsistently modified, or damaged in ways the attacker’s own decryptor cannot reliably reverse,” Morphisec revealed .
“These bugs change the recovery picture. A VECT incident does not necessarily produce one clean class of encrypted files. The same .vect suffix can represent several outcomes: a file that was only renamed, a file encrypted in a single pass, a large file with only selected regions modified, or a file left inconsistent by failed writes or shared-state races.” Handala Brand Used for Physical and Influence Operations
- Recorded Future has revealed that Iran’s Ministry of Intelligence (MOIS) has likely expanded the use of its Handala persona to include external physical and influence operations targeting U.S. and Israeli interests, bringing cyber, physical, and influence personas under a single umbrella.
The threat intelligence company said it observed significant overlaps in the online activities of Handala Hack Team, a new Handala-branded persona named “Handala Popular Resistance Front,” and three influence operations networks dubbed VIPEmployment, MOISIRAN, and Brave Israel. “Notably, the HPRF and the three influence operations networks all almost certainly share a modus operandi: their administrators solicit individuals to conduct physical attacks and espionage targeting U.S. and Israeli entities, on behalf of Iranian intelligence agencies, for a financial reward,” Recorded Future said . “By encompassing these groups under the Handala brand, MOIS likely seeks to take advantage of Handala’s global recognition to amplify its solicitation efforts.” New Android Trojan OverlayPhantom Spotted
- A new Android banking trojan referred to as OverlayPhantom has been observed targeting more than 180 apps across 10 countries via malicious URLs, aiming to steal credentials via fake overlays and real-time screen sharing.
“The malware employs a two-stage infection chain, using a dropper application that impersonates trusted platforms, including the official Austrian government identity application, ID Austria, and the widely used consumer platform TikTok, to deceive victims into installing it,” Cyble said . “Once deployed, OverlayPhantom masquerades as ‘Google Play Services’ and abuses Android’s accessibility service to gain persistent, elevated control of the infected device.” The malware is equipped to run over 30 remote commands to enable automated gestures, clipboard manipulation, credential theft, and data exfiltration. Targets of the malware include financial and cryptocurrency apps serving users in the U.S., Australia, Germany, France, Belgium, Finland, the Netherlands, Italy, Spain, and the U.K. Fake Copyright Infringement Notice Emails Lead to Credential Theft
- Threat actors are using official-looking copyright removal requests to target Chrome extension developers, warning them of imminent removal and urging them to appeal by clicking on a link (“dmca-chrome-extensions[.]click”) within 48 hours.
“After you enter your extension’s ID to ‘verify’ it, the page pulls in your extension’s real name and icon,” Malwarebytes said. “But it’s all part of a phishing attack designed to steal your Google username and password.” Other campaigns have been found to use pirated PC games and modified installers for franchises like Far Cry, Need for Speed, FIFA, and Assassin’s Creed to distribute a Windows password-stealing malware ; fake payment invoices that trick recipients into calling a bogus customer support agent as part of refund scams; counterfeit websites impersonating BlueWallet and OpenAI ChatGPT to deliver a macOS stealer and clipper . For Windows systems, the website mimicking ChatGPT is used to deliver a credential-stealing malware loader, while Mac users get Odyssey Stealer, a fork of Atomic Stealer (AMOS). Bypassing Malicious Skill Scanners
- Trail of Bit said it was able to bypass ClawHub’s malicious skill detector , Cisco’s agent skill scanner , and scanners integrated into skills.sh to push rogue skills to public skill marketplaces and steal sensitive data from developer systems.
One of the malicious skills used prompt injection to “convince the guard model that the malicious payload is nothing to worry about,” the company said . “The skill tells the agent to configure its package managers (npm and yarn) to use an attacker-controlled registry, but dresses the subterfuge up in the language of corporate environment configurations and virtual private network access to convince the LLM analyzer the change is innocuous.” The takeaway here is that trust can never be outsourced to a third-party scanner and that they cannot reliably detect malicious content in agent skills. To counter the risks, organizations are recommended to curate skill marketplaces for their employees and agents using trustworthy open-source collections. Phishing Campaigns Drop Remcos RAT
- Payment slip-themed phishing emails are being used to distribute a link pointing an external file-hosting service like MediaFire, which triggers the download of a screen saver (.SCR) file, which kicks off a multi-stage chain that ends in the deployment of Remcos RAT by means of an AutoIt script after performing anti-analysis checks.
The activity has been attributed by JUMPSEC to a threat group called BlackToad, which is likely an affiliate of the broader Nigerian e-crime ecosystem that’s tracked as SilverTerrier with its own set of targeting lures and tradecraft. It also exhibits some infrastructure overlap with a cluster documented by Agoda Engineering as BoredFluff , which targeted hotel staff in 2024 through fake guest enquiries to deliver Remcos RAT through a malware loader named GuLoader. Pink, a New Com-Affiliated Actor
- A new cybercrime brand called Pink (aka CL-CRI-1147), is leveraging vishing for initial access with the primary objective of data theft and extortion. It’s assessed to be part of the broader Com ecosystem , embracing techniques similar to those of ShinyHunters and CL-CRI-1116 (Blackfile/Redact).
The group’s data leak site went live on May 31, 2026. “The threat actor leverages vishing for initial access, impersonating internal IT personnel to convince a user to input credentials into a phishing site, allowing the actor to gain access to the victim’s account and MFA,” Palo Alto Networks Unit 42 said . “After gaining access to the victim’s account, the actor rapidly identifies and exfiltrates data from platforms like SharePoint and OneDrive, similar to other Com-affiliated groups.” The threat actor has also been found to make use of compromised victim accounts to send their initial extortion email as well as internal Teams messages. According to Google , the activity maps to a threat group it calls UNC6671 .
🔧 Cybersecurity Tools CAI → It is an open-source framework for building AI agents that help with cybersecurity work, from security testing and vulnerability discovery to defense automation. It supports 300+ AI models and includes built-in tools for tasks like reconnaissance, exploitation, privilege escalation, and security assessment. PMG → It is a free, open-source tool that blocks malicious open-source packages before they install. It sits in front of package managers like npm, pip, and Poetry, checks packages with SafeDep threat intelligence, and helps protect developers and AI coding agents from supply-chain attacks.
Disclaimer: This is strictly for research and learning. It hasn’t been through a formal security audit, so don’t just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law. Conclusion That’s the week.
Nothing here is new. Same tricks. Same shortcuts. Same open inboxes.
That’s what makes it worse. Patch what matters first. Warn the people who click everything. Back up the important stuff.
Then log off for a bit. It’ll be messy again by next Monday. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
The Hardest Fork
Mythos is real. I know a big chunk of the industry thinks it’s a marketing stunt, and I get why. I get it. But I’ve seen the findings, and they’re bad.
These aren’t “whoops, this line right here is wrong, and that’s RCE.” They’re novel combinations of a few dozen issues out of thousands of things every SAST scanner already finds, chained together into something much worse. It’s real creativity, like Move 37. That’s not a better scanner. That’s a different category of threat.
In some ways, it doesn’t even matter. Even if this specific model were a hoax, the capability is coming regardless. Some days, I wish it were a hoax. We’d have more time.
But you can believe me or not. The rest of this post is about what we do about it either way, and I’m getting started now. Washington has been tracking this for a while, but you can’t regulate something most of the industry thinks is made up. Now that every boardroom is in preparation mode (and they are), DC finally gets to start thinking through what steps they can take.
It’s clear they need to play a role, but it’s not clear how or what it should be. And they’re in a really tough spot. Regulate too little, and you risk a US-based company accidentally creating a weapon that puts our critical infrastructure at risk. Regulate too much, and the same thing happens in China instead.
The whole thing feels like gain-of-function research on viruses. Everyone knows you should wash your hands before leaving the lab, but just because we make it mandatory doesn’t mean the rest of the world will. We’ve already seen how that story goes in Wuhan. Here’s the structural problem that limits what any government can do: despite Europe’s best attempts with the CRA, open source isn’t governable.
Laws and executive orders don’t apply to people around the world putting things on the internet for free. The US realizes this, so they’re focusing where they can and where they should: on consumption. That’s the right instinct, and it’s exactly where the rest of this post is going. The open source ecosystem and consumption model is not ready for this I’ve been working on this problem every day of my life for the last decade.
I helped found the OpenSSF and Alpha-Omega while at Google. I created Sigstore , Scorecards , and the first open source malware scanners. I funded the grants that put Rust in the Linux kernel and MFA on PyPI. Then I started Chainguard to do all of this commercially, at scale.
I’m telling you all of this not to brag, but because I need you to believe me when I say: the way the world consumes open source software is fundamentally broken, and no amount of incremental improvement is going to fix it in time. Not in its current form. Maybe not ever. It’s going to have to change.
Most companies have been consuming open source freely for years without really thinking about it. Modern apps are layers of dependencies, and when something goes wrong in one of them, fixing it can cascade through an entire stack. For large orgs with legacy codebases, that’s not an afternoon fix. And moving fast has its own risks now.
AI has supercharged supply chain attacks, too. Rush to patch a vulnerability without careful review, and you might install malware that’s worse than the original problem. The maintainer side is even harder. Especially for the massive chunk of maintainers who care and want to help.
Many don’t, and that’s completely fine. They owe their downstreams nothing. Some of the most critical software on the internet is maintained by one or two people in their spare time. Automated scanners and AI-generated reports have already been burying them in low-quality noise for years.
And unlike commercial software, open source maintainers don’t have contracts or SLAs. There’s no guarantee a patch gets written, merged, or that the person is even reachable. Coordinated vulnerability disclosure was designed for a world where finding a serious vulnerability took weeks of expert work and the targets were a small set of well-known projects. A model can now find hundreds overnight in the long tail.
The existing system is not going to keep up, and we all need a backup plan for the vulnerabilities that don’t get patched. What actually needs to happen We need a Plan A and a Plan B. Plan A: coordinated disclosure that actually works at scale. A single, trusted group that routes fully vetted reports and patches upstream, and supports the maintainers who want help.
Not a dozen competing groups filing noisy tickets. One coordinated effort that maintainers recognize and trust, so their reports get bubbled to the top of every inbox. Right now, Glasswing has managed to get about 6% of its findings upstreamed. This program will never reach 100%.
That’s not how the long tail of open source works. My best guess is that we can get normal coordinated disclosure working, under hard time crunches, for maybe 50% of projects at best. And it’s going to take a lot of work to get there. Plan B: how we deal with the rest.
And it’s not a clean split. There’s a huge messy middle of projects where the maintainer responds but can’t ship a fix in time, or where a patch exists but nobody downstream picks it up. For all of those, and for the projects where maintainers can’t or won’t patch at all, we need a maintainer of last resort. Open source gives you the right to fork.
To take a project, assume stewardship, and keep it alive independently. Forking dead or unresponsive projects already happens every day. But in a world with hundreds of vulnerabilities being reported by dozens of groups, we need to centralize in one place to maintain those forks that end users can trust. It’s going to involve hard calls and hurt feelings, but it’s the only way we avoid fragmentation.
A year ago, this wouldn’t have been possible at scale. Now it is. The same AI capabilities creating this crisis are what make a maintainer of last resort viable. That function needs to live somewhere sustainably funded, staffed, neutral, and trusted.
The best time to fix a dependency tree was 20 years ago. The next best time is now. And the saying goes: if you want to go fast, go alone. If you want to go far, go together.
The problem is we need to do both. Three forks in the road So what do we actually do? There are three ways this plays out, depending on how much of this problem you think is someone else’s to solve, and how long it takes us to figure out no one is coming to save us and actually get our shit together. The naive one: you do nothing and hope.
Glasswing patches everything upstream, your vendor magically sandboxes every workload so nothing can escape, your team rewrites your legacy deployment pipeline to ship every sixty seconds, and your CISO sleeps through the night for the first time since 2014. Every maintainer responds to every disclosure within 24 hours. Every company updates every dependency the day a patch lands. Nobody introduces a regression.
Nobody installs malware disguised as a patch. I want to live in this world. We do not live in this world. The chaotic one: nobody centralizes.
Every major cloud provider forks its own versions of critical libraries, each with its own patch sets. Three different security vendors ship competing forks of the same logging framework. Your team is left trying to figure out which version of which fork has which CVEs fixed, and whether any of them introduced new ones. This is the default if we do nothing.
The hard fork: a deliberate, coordinated, painful decision to build new trust infrastructure for open source consumption. One disclosure pipeline that works at scale. One trusted place for maintained forks. Hard calls about which projects get forked and which forks survive.
This is the most difficult option, and it’s the only real one. Open source has always had a mechanism for this. When a project can’t or won’t adapt, you fork it. You take stewardship, you do the work, and you move forward.
That’s the deal. It’s always been the deal. What’s different now is the scale. We’re not talking about forking one project.
We’re talking about building the infrastructure to fork, maintain, and distribute thousands of them. Under time pressure, with real adversaries on the other side. That’s the hardest fork any of us has ever had to make. The same AI capabilities that created this crisis are the ones that make it possible.
Software is going to change in ways that would have been unimaginable a year ago, and I think there’s a brighter future on the other side. Is any of this actually going to work? I honestly have no idea. But we have to start, and as the Programmer’s Credo says, “We do this not because it is easy, but because we thought it would be easy when we started.” This one doesn’t even feel easy at the start.
Get the latest on the Chainguard blog . Note: This article is expertly written and contributed by Dan Lorenc, CEO and Co-founder, Chainguard. Found this article interesting? This article is a contributed piece from one of our valued partners.
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT ) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks as VerdantBamboo , which it said overlaps with hacking groups known as Clay Typhoon (Microsoft), UNC5221 (Google), and Warp Panda (CrowdStrike). The cybersecurity company said it discovered the intrusion during an incident response engagement in September 2025, when it emerged that the adversary had compromised an unnamed victim’s Egnyte Storage Sync system by exploiting a local privilege escalation flaw to deploy BRICKSTORM. The issue was addressed in Storage Sync version 13.13 , released in March 2026.
“The appliance had periodically been accessed by VerdantBamboo via IP addresses assigned through the victim organization’s web SSL VPN,” researchers Damien Cash, Paul Rascagneres, Steven Adair, and Tom Lancaster said in a technical report published last week. “The threat actor used the malware’s proxying capabilities deployed on the Storage Sync system, along with compromised credentials, to access the victim’s Microsoft 365 (M365) environment.” It’s assessed that these steps were undertaken to blend in with legitimate network traffic and evade Conditional Access policies, with the initial compromise occurring at least 18 months before. Following the initial remediation, VerdantBamboo is said to have staged a return, breaching the same organization by using stolen administrative credentials to connect to the firewall, and then abusing that access to configure web SSL VPN access to the device, connect to other systems, and deploy additional malware to a Synology Network Attached Storage (NAS) appliance. Further investigation has since uncovered that the threat actor had in fact compromised the victim organization’s Managed Services Provider (MSP), specifically infecting its MSP’s pfSense firewall with a BSD variant of BRICKSTORM around the same time the victim’s Storage Sync system was also breached.
It’s believed that the victim was compromised through the threat actor’s breach of the MSP. The two malware families deployed to the NAS appliance over SSH are as follows - PLENET (aka GRIMBOLT), a cross-platform backdoor developed in .NET Core and a new version of BRICKSTORM compiled using native ahead-of-time (AOT) compilation. It supports interactive shell, remote command execution, file manipulation, and command-and-control (C2) server switching. AGENTPSD, a Python-based reverse shell that likely functions as a fallback in case the primary implant ceases to function It’s worth noting that the use of PLENET in the wild was reported by Google earlier this February in connection with attacks mounted by a suspected China-nexus threat cluster dubbed UNC6201 that exploited a vulnerability in Dell RecoverPoint for Virtual Machines (CVE-2026-22769, CVSS score: 10.0) as a zero-day since mid-2024.
“VerdantBamboo is a highly sophisticated threat actor that seeks to leverage a combination of living-off-the-land techniques and malware deployment on systems that traditionally do not or cannot run EDR software,” Volexity said. “This threat actor appears to have good knowledge of proprietary appliances, allowing them to deploy malware with customized persistence mechanisms. They also appear to have operational security discipline aimed at leveraging a limited number of domains and IP addresses per victim and setting up customized implant naming and persistence on a per-device basis.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign
Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by Google Mandiant and Google Threat Intelligence Group (GTIG) to a threat actor dubbed UNC3753 , which is also known as Chatty Spider, Luna Moth, and Silent Ransom Group (SRG). “UNC3753 leverages voice phishing (vishing) and social engineering deception techniques to achieve remote access into corporate environments,” researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said .
“Using pretexts such as data migration or invoice-related emails, the threat actors initiate phone conversations posing as IT support and convince targets to host screen-sharing sessions and download remote monitoring and management (RMM) utilities.” Upon gaining access, the threat actors have been found to either carry out direct searches to locate and exfiltrate files of interest or deceive the victim into carrying out the actions on their behalf. Stolen information includes proprietary legal agreements, personally identifiable information (PII), and financial records. In some instances, the attackers have accessed victims’ systems in person, echoing an advisory issued by the U.S. Federal Bureau of Investigation (FBI) last month.
These physical intrusions involve the threat actors posing as IT technicians to enter corporate offices and attempt to steal data using removable USB media. “By sending someone in-person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said of the new escalation in UNC3753’s capabilities. Google said UNC3753 shares tactical overlaps with UNC2686, a threat cluster previously known for carrying out BazarCall-style campaigns in 2021. Although the group has been observed deploying LockBit Black ransomware in the past, it has mainly focused on extortion-only operations since 2022, pressuring victims to pay up or risk getting their data published on the LEAKEDDATA data leak site.
Both UNC3753 and UNC2686 are assessed to be offshoots of the now-defunct Conti ransomware gang , with early iterations of the campaigns using subscription cancellation lures as part of callback phishing attacks that aim to install remote access software on victims’ machines. Beginning around March 2025, the hacking crew has impersonated internal corporate IT help desk staff to trick victims into joining a screen-sharing session on enterprise communication platforms like Zoom, Microsoft Teams, or Quick Assist under the guise of addressing a security issue helping with a corporate data migration project, effectively bypassing traditional security controls. “The threat group frequently initializes campaigns using benign, invoice-themed email lures sent from actor-controlled consumer email accounts,” Google said. “These messages contain no active links or malicious attachments.
Instead, they typically contain a brief, generic message. The primary purpose of these emails is to establish a pretext, raising the target’s internal security concerns so they are more susceptible to follow-up voice calls.” Once a session is established, the attackers attempt to establish a persistent foothold by guiding the victims to install legitimate remote desktop software like AnyDesk, Bomgar, SuperOps RMM, or Zoho Assist. Instructions to install these programs are shared via a legitimate service called “ privnote[.]com ,” which allows users to send notes that self-destruct after being read by the recipient. UNC3753 has also been observed establishing Zoom sessions directly on targets’ personal laptops to access corporate virtual desktop infrastructure (VDI) and burrow deeper into corporate file systems with the goal of enumerating local and cloud directories, crawling mapped network drives, and harvesting data from highly sensitive folders, including those related to tax filings, audits, corporate client agreements, and Social Security numbers (SSNs).
In the final stage, the captured data is sent to the threat actors via WinSCP or Rclone, or to email addresses controlled by the threat actor from the target’s mailbox. This is followed by the attackers sending an extortion demand in the form of an email message, typically within 30 minutes of exiting the target environment. The email messages give victims a three-day deadline to initiate ransom negotiations. They also threaten to call and email target employees and external clients directly to notify them of the data breach should they remain unresponsive, not to mention publish the entire stolen information on the data leak site.
In many incidents investigated by Google’s threat intelligence and incident response teams, the end-to-end operation from initial contact to data extortion is said to have occurred within a single business day. The fast-tempo operational model is exemplified by the fact that the attackers initiate data searches, staging, and theft in under an hour. “Legal services firms represent high-value targets for extortion actors. They maintain concentrated repositories of extremely sensitive client transaction files, merger and acquisition plans, client trade secrets, and corporate regulatory reports,” Google said.
“Threat groups recognize that legal entities are subject to heavy reputational and regulatory exposure and may be highly motivated to resolve extortion situations quietly to protect their professional standing. Threat actors recognize that targeting the human element - specifically using voice-guided social engineering-enables them to easily bypass robust technical perimeters, web security gateways, and MFA configurations.” The findings coincide with a new report from Resecurity about the threat actor’s use of DNS Fast Flux network infrastructure across various countries in Latin America, Eastern Europe, Central Asia, Middle East/Africa, East Asia, and the Caribbean to make its domains harder to block - business-data-leaks[.]com, the data leak site that lists close to 100 victim organizations as of June 2026 ep6pheij[.]com, which stages the stolen data per victim “By changing the DNS records and using short Time-To-Live (TTL) values, attackers make their malicious infrastructure resilient against takedowns,” the cybersecurity company said . “Both domains operate on a fast-flux network backed by a botnet spread across 18 countries and 22 ISPs. The two domains share 50-60% of their bot pool, confirming a single threat actor operates both.
The infrastructure contains zero datacenter or hosting IPs - every node traces back to a consumer ISP (e.g., Telecentro, Mega Cable, Vodafone) and is flagged as residential or mobile IP address.” Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks
Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. “When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection against problematic or potentially compromised releases,” Microsoft said . The new feature is available starting in VS Code 1.123. The tech giant noted that users still have the option to update any extension immediately at any point in time by using the “Update” button.
When extensions have pending updates, a reason for why they haven’t been updated yet will be available in the details view, along with when the automatic update will take place. That said, this two-hour delay does not apply to extensions from trusted publishers such as Microsoft, GitHub, and OpenAI, it added. Extensions from such publishers will continue to be updated immediately. The development comes days after RubyGems added an opt-in cooldown feature to Bundler 4.0.13 that delays installation of newly published gem versions for a pre-defined period.
Specifically, the feature allows developers to configure Bundler to introduce a time-based install delay with an aim to reduce potential exposure arising from newly published malicious versions. Over the past year, similar installation controls have also been added to Bun, pnpm, npm, and Yarn - Bun
- minimumReleaseAge (Bun 1.3+) npm
- min-release-age (npm v11.10.0+) pnpm
- minimumReleaseAge (pnpm 10.16+) Yarn
- npmMinimalAgeGate (Yarn Berry 4.10.0+) These changes arrive against the backdrop of a surge in software supply chain incidents targeting various ecosystems to breach developer systems and propagate malware to downstream users. By enforcing a minimum age threshold before a particular package version can be installed, the defensive control minimizes the window during which it spreads before it’s flagged as malicious and taken down by the registry maintainers. Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration
OpenAI has begun rolling out a new Lockdown Mode to ChatGPT for eligible personal accounts to reduce the risk of data exfiltration arising from prompt injection attacks . The feature is primarily designed for people and organizations that handle sensitive data and require stricter protection guarantees. Lockdown Mode is available to logged-in users across Free, Go, Plus, and Pro, and self-serve ChatGPT Business plans. “Lockdown Mode is an optional advanced security setting that limits many tools and capabilities in OpenAI products that can connect to the web or external services,” OpenAI said .
“It is designed to reduce the risk of data exfiltration from prompt injection attacks by limiting outbound network requests, at the expense of disabling or limiting some useful features.” The safeguards are aimed at hardening the attack surface against prompt injections, which continues to be a “frontier” problem impacting all large language models (LLMs). Specifically, they build upon sandboxing and existing controls to combat URL-based data exfiltration mechanisms to limit outbound network requests that could potentially transmit sensitive data to attacker-controlled infrastructure. The idea is not to stop prompt injections from occurring. Nor does it change the way memory or file uploads work, or the ability to share a conversation.
Rather, the goal is to eliminate potential pathways through which the data could be exfiltrated. To that end, Lockdown Mode disables the following features - Live web browsing, which is limited to accessing only cached content Image support, for displaying images in regular responses or retrieving images from the web Deep research Agent mode Canvas networking, which prevents users from approving Canvas -generated code to access the network File downloads, which block downloading files for data analysis Pointing out the feature is not “intended for everyone,” OpenAI also noted that both Lockdown Mode and Developer Mode cannot be used at the same time, adding that turning on one disables the other. “Lockdown Mode is designed to substantially reduce the risk of prompt injection-based data exfiltration in ChatGPT and supported OpenAI products, but it does not guarantee that data exfiltration cannot happen,” the company said. “Risk may remain through enabled Apps, unforeseen combinations of capabilities, or newly discovered techniques.” “Lockdown Mode also does not prevent all other effects of prompt injection attacks.
For example, a malicious instruction hidden in an uploaded file could still affect ChatGPT’s behavior, and cause an incorrect answer.” The development comes as OpenAI has also launched a new account management feature that enables users to review active ChatGPT sessions and log out of individual or all sessions if signs of unauthorized account activity are detected. The listed sessions include information about the device, the app used, approximate location, sign-in date and time, whether the device is trusted, and whether it’s the current session. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
Free Apps Are Quietly Turning Smart TVs Into Web-Scraping Proxies for AI
A researcher has reverse-engineered the iOS SDK that Bright Data embeds in consumer apps and documented how it turns devices, including always-on smart TVs, into exit nodes that relay web-scraping traffic for a data business Bright Data markets heavily to the AI industry. The company, the successor to Luminati, operates what it calls the largest residential proxy network in the world, advertised at more than 400 million residential IPs. Part of that supply comes from this SDK, shipped inside free apps behind an opt-in screen and described as a consent-sourced pool of 150 million-plus IPs. The findings, published June 5 by Include Security and independent researcher Buchodi, matter because the scraping comes from the user’s home IP, not the customer’s.
The immediate risk is not a hacked account or stolen data; it is that a home connection and its bandwidth get used as someone else’s scraping infrastructure. A connected TV is close to ideal for that: usually plugged in, on a fast connection, effectively unmetered, and unwatched. The deepest technical evidence is from the iOS SDK; the smart-TV reach rests on Bright Data’s platform support, its public partner list, and earlier reporting. The research found the peer channel that carries scraping jobs has no real authentication, and on iOS, its traffic bypasses a configured VPN.
Inside the peer tunnel When the app opens, the SDK contacts one of Bright Data’s servers, which hands over its instructions without really checking who is asking. From then on, the server can tell the device to go and fetch pages from other websites, using the user’s home internet connection to do it. The researcher found the channel that carries those jobs has none of the usual security checks, and described it as weaker than the controls built into most malware. On iPhones, the researcher found that this traffic slips past a VPN, and that much of what the app does does not show up in the tools security teams normally use to monitor apps.
The device can also keep relaying in the background while someone is watching the screen or on a call, as long as the battery is not low. The consent gap The opt-in screen does not match what the SDK actually allows. In one Roku app, Petflix, the screen said it would use the device and its connection “occasionally.” The settings the SDK loads allow up to 200 GB of traffic a month. In a few countries, including Uzbekistan and Oman, the limits are set far higher, and the device is cleared to keep working almost until the battery runs flat.
The SDK can also tie together a person’s phone and computers that run the same company’s apps, treating them as one user. Bright Data publishes its list of app partners on a page anyone can open, and it includes makers of smart-TV apps such as PlayWorks Digital, CloudTV, and Longvision. The researcher is careful to note that being on the list only shows a company worked with Bright Data at some point, not that its app includes the SDK today. Each one would need to be checked on its own.
An old model, pulled by AI demand None of this is new in shape, only in scale. Bright Data is the successor to Luminati, the paid proxy service that grew out of Hola VPN. In 2015 Hola was caught selling its free users’ bandwidth as exit nodes through Luminati, at $20 a gigabyte. The same model now runs on the always-on box in the living room.
What changed is the buyer. Anti-bot defenses from Cloudflare, DataDome, and others block scrapers coming from datacenter IPs, so AI scrapers route through residential connections instead. Krebs reported in October 2025 that proxies from botnets like Aisuru are fueling large-scale AI data harvesting, and Google dismantled the criminal IPIDEA proxy network in January. Those operations hijack consumer devices; Bright Data says its exit nodes opt in through a consent screen.
That consent is the line between the two, and whether it is meaningful is the open question. Lowpass, syndicated by The Verge, first surfaced the smart-TV angle in February, and this is the technical teardown. Google, Amazon, and Roku have since restricted background proxy SDKs, and Bright Data dropped those platforms, though it still lists Samsung’s Tizen and LG’s webOS. What to do The traffic is easy to spot and block.
On a home network, the simplest step is to block the web addresses the SDK uses to connect, with a router-level tool like Pi-hole or NextDNS. The main ones are proxyjs.brdtnet.com, proxyjs.luminatinet.com, proxyjs.bright-sdk.com, clientsdk.bright-sdk.com, and clientsdk.brdtnet.com. According to the research, blocking these stops the device from acting as a relay without affecting Bright Data’s paid service, which runs on separate addresses. Companies that manage staff phones can also scan for apps that carry the SDK.
One catch: on a mobile connection, the traffic sidesteps office Wi-Fi, so a network block alone will not always catch it. Bright Data could also change how the SDK connects in the future, which would mean any blocklist needs updating. Found this article interesting? Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.
CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi-protocol file server software to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-28318 (CVSS score: 7.5), is a denial-of-service (DoS) bug that causes the service to crash under certain conditions. CISA described it as an uncontrolled resource consumption vulnerability that results in a DoS condition.
“SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,” SolarWinds said in an advisory released earlier this week. The issue has been addressed in SolarWinds Serv-U version 15.5.4 HF1. As mitigations, it’s advised to limit access to known addresses and block any request containing “content-encoding” since the vulnerable service does not require this functionality. There are currently no details on how the vulnerability is being exploited in real-world attacks, or who is behind them.
It’s also unclear how many internet-exposed Serv-U instances are compromised, if any. CISA has ordered Federal Civilian Executive Branch (FCEB) agencies to address the flaw by June 19, 2026. In the past, multiple flaws in Serv-U have been exploited by bad actors, including those associated with the Cl0p ransomware gang . Found this article interesting?
Follow us on Google News , Twitter and LinkedIn to read more exclusive content we post.